Last updated: July 13, 2026
Matthias Siano
Weizenkamp 2
22081 Hamburg, Germany
Email: [email protected]
Email address - only if you voluntarily create an account to use social/leaderboard features.
Step counts retrieved from Google Health Connect or local device sensors. We do not request more than steps.
Private messages you exchange with other users. Message content and metadata (sender, recipient, timestamp) are stored on Supabase (EU) to deliver the chat feature.
Images you voluntarily upload (e.g. in chats). They are stored in Supabase Storage (EU) and are only accessible to the intended recipients.
A device-specific push token (Firebase Cloud Messaging) so we can deliver notifications such as new messages or challenge updates to your device.
Anonymous crash and performance diagnostics (device model, OS version, app version, timestamps, error traces).
Emails you send for support or inquiries.
You can withdraw consent at any time in the app settings; this does not affect prior lawful processing.
Backend data - including the social feature database, private messages, and uploaded images (Supabase Storage) - is hosted on Supabase (Frankfurt, Germany / EU). A Data Processing Agreement (Art. 28 GDPR) is in place with Supabase. This data is not transferred to non-EU/EEA countries.
Push notifications are delivered via Firebase Cloud Messaging (Google Ireland Limited). For delivery, your push token is processed by Google, which may involve a transfer to the USA. This transfer is safeguarded by Google's certification under the EU-U.S. Data Privacy Framework and EU Standard Contractual Clauses.
We do not sell or share your data for advertising or profiling. Data is only processed by essential infrastructure providers (e.g. hosting, crash diagnostics, push notification delivery) bound by contractual safeguards. Messages and images you send are, by design, visible to the users you share them with.
Art. 15 (access) and Art. 20 (data portability)
Art. 16 (rectification) and Art. 18 (restriction)
Art. 17 (erasure) and Art. 21 (objection, where applicable)
Art. 7(3) GDPR and complaint right under Art. 77 GDPR
Exercise your rights anytime via [email protected]. For account deletion use the in-app function or email us.
Step counts qualify as health-related data in context. We only process them on the backend for social features after your explicit opt-in. You can revoke consent anytime in settings; backend copies are then deleted (or queued for purge) and only local tracking remains.
We apply industry-standard safeguards (least privilege access, encrypted transport (HTTPS/TLS), role-based database policies). No system is 100% secure, but we continually improve safeguards and minimize stored data.
We may update this policy for feature or legal changes. The latest version is always available here. Material changes will be highlighted in-app before they take effect.
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). For Hamburg users the competent authority is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 7. OG
20459 Hamburg, Germany
Tel: +49 40 428 54 4040
Website: datenschutz-hamburg.de
Email: [email protected]
No Data Protection Officer (DPO) is appointed because the criteria of Art. 37 GDPR (large-scale monitoring / special categories) are not met.
If you have any questions about this Privacy Policy or want to exercise your rights, please contact us:
Email:[email protected]
Data Deletion:Request data deletion
Diese deutschsprachige Zusammenfassung dient nur der besseren Verständlichkeit. Verbindlich ist die obige englische Fassung.
Matthias Siano, Weizenkamp 2, 22081 Hamburg, E-Mail: [email protected]
Datenbank, Nachrichten und Bilder: Supabase (Frankfurt/EU), keine Drittstaatenübermittlung. Push-Benachrichtigungen: Firebase Cloud Messaging (Google); dabei mögliche Übermittlung des Push-Tokens in die USA, abgesichert über das EU-U.S. Data Privacy Framework und Standardvertragsklauseln.
Auskunft, Berichtigung, Löschung, Einschränkung, Datenübertragbarkeit, Widerruf, Beschwerde (Aufsichtsbehörde Hamburg).
Kann jederzeit in den App-Einstellungen widerrufen werden; danach nur lokale Verarbeitung.
Übliche technische und organisatorische Maßnahmen; geringstmögliche Datenspeicherung.
Kein Missbrauch, Spam oder manipulierte Daten. Verstöße können zur Sperrung führen.
Letzte Aktualisierung: 13. Juli 2026